netfilter: nf_tables: Add support for IPv6 NAT

This patch generalizes the NAT expression to support both IPv4 and IPv6 using the existing IPv4/IPv6 NAT infrastructure. This also adds the NAT chain type for IPv6. This patch collapses the following patches that were posted to the netfilter-devel mailing list, from Tomasz: * nf_tables: Change NFTA_NAT_ attributes to better semantic significance * nf_tables: Split IPv4 NAT into NAT expression and IPv4 NAT chain * nf_tables: Add support for IPv6 NAT expression * nf_tables: Add support for IPv6 NAT chain * nf_tables: Fix up build issue on IPv6 NAT support And, from Pablo Neira Ayuso: * fix missing dependencies in nft_chain_nat Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> 2013-10-10 07:39:19 -0400
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2013-10-14 12:00:58 -0400
commit: eb31628e37a0a4e01fffd79dcc7f815d2357f53a (patch)
tree: 8f78d641ddc8817109b55cedb114e4a4a8d9c045 /include/uapi/linux
parent: 9ddf63235749a9efa1fad2eeb74be2ee9b580f8d (diff)
1 files changed, 10 insertions, 8 deletions
diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index a9c4bce1988f..7d4a1992f89c 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -695,18 +695,20 @@ enum nft_nat_types {
 * enum nft_nat_attributes - nf_tables nat expression netlink attributes
 *
 * @NFTA_NAT_TYPE: NAT type (NLA_U32: nft_nat_types)
- * @NFTA_NAT_ADDR_MIN: source register of address range start (NLA_U32: nft_registers)
+ * @NFTA_NAT_FAMILY: NAT family (NLA_U32)
- * @NFTA_NAT_ADDR_MAX: source register of address range end (NLA_U32: nft_registers)
+ * @NFTA_NAT_REG_ADDR_MIN: source register of address range start (NLA_U32: nft_registers)
- * @NFTA_NAT_PROTO_MIN: source register of proto range start (NLA_U32: nft_registers)
+ * @NFTA_NAT_REG_ADDR_MAX: source register of address range end (NLA_U32: nft_registers)
- * @NFTA_NAT_PROTO_MAX: source register of proto range end (NLA_U32: nft_registers)
+ * @NFTA_NAT_REG_PROTO_MIN: source register of proto range start (NLA_U32: nft_registers)
+ * @NFTA_NAT_REG_PROTO_MAX: source register of proto range end (NLA_U32: nft_registers)
 */
 enum nft_nat_attributes {
        NFTA_NAT_UNSPEC,
        NFTA_NAT_TYPE,
-        NFTA_NAT_ADDR_MIN,
+        NFTA_NAT_FAMILY,
-        NFTA_NAT_ADDR_MAX,
+        NFTA_NAT_REG_ADDR_MIN,
-        NFTA_NAT_PROTO_MIN,
+        NFTA_NAT_REG_ADDR_MAX,
-        NFTA_NAT_PROTO_MAX,
+        NFTA_NAT_REG_PROTO_MIN,
+        NFTA_NAT_REG_PROTO_MAX,
        __NFTA_NAT_MAX
 };
 #define NFTA_NAT_MAX            (__NFTA_NAT_MAX - 1)
author	Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>	2013-10-10 07:39:19 -0400
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2013-10-14 12:00:58 -0400
commit	eb31628e37a0a4e01fffd79dcc7f815d2357f53a (patch)
tree	8f78d641ddc8817109b55cedb114e4a4a8d9c045 /include/uapi/linux
parent	9ddf63235749a9efa1fad2eeb74be2ee9b580f8d (diff)